Web applications may have security vulnerabilities that may be exploited by third parties. Third parties may attempt to exploit such vulnerabilities by attacks such as cross site scripting or SQL injection. Modern web application security scanners are programs which can identify potential security vulnerabilities in web applications. Web application scanners may not have access to the source code of a web application, but may instead detect vulnerabilities by performing actual attacks on a web application.